AzRoleAdvertizer

last sync: 2025-Sep-02 17:22:46 UTC

Defender Unified RBAC Contributor and Responder

Azure BuiltIn RBAC Role definition

NameDefender Unified RBAC Contributor and Responder
Id625a1cea-653b-4a19-bd3a-df1d66ab6637
DescriptionDefender Unified RBAC Contributor and Responder. This role is managed and assigned automatically by the Defender Unified RBAC system. Manual assignment of this role is not recommended, as the Defender Unified RBAC system may modify or remove it at any time based on system requirements.
CategoryNone
CreatedOn2025-08-29 14:53:37 UTC
UpdatedOn2025-08-29 14:53:37 UTC
Permissions summary Effective control plane and data plane operations: 1040 (unique operations)
•action: 33
•delete: 39
•read: 924
•write: 44

Actions: 24
Resolved control plane operations from Actions: 1047
Effective control plane operations: 1040
•action: 33
•delete: 39
•read: 924
•write: 44

NotActions: 4
Resolved control plane operations from NotActions: 7
Effective denied control plane operations: 16027

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3725
Actions
Operation Description
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/*wildcarded / no description
Microsoft.OperationalInsights/workspaces/savedSearches/readGets a saved search query.
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.SecurityInsights/*wildcarded / no description
Microsoft.SecurityInsights/*/readwildcarded / no description
Microsoft.SecurityInsights/automationRules/*wildcarded / no description
Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/actionUndoes an action
Microsoft.SecurityInsights/cases/*wildcarded / no description
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionCheck user authorization and license
Microsoft.SecurityInsights/entities/runPlaybook/actionRun playbook on entity
Microsoft.SecurityInsights/incidents/*wildcarded / no description
Microsoft.SecurityInsights/threatIntelligence/bulkTag/actionBulk Tags Threat Intelligence
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/actionAppend tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/indicators/query/actionQuery Threat Intelligence Indicators
Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/actionReplace Tags of Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/actionQuery Threat Intelligence Indicators
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/cases/*/Deletewildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
Microsoft.SecurityInsights/incidents/*/Deletewildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-08-29 17:22:35 add: Role 625a1cea-653b-4a19-bd3a-df1d66ab6637
JSON
api-version=2023-07-01-preview
Condition none